Date: Fri, 11 May 2001 09:06:43 +0200
From: sheldonh@starjuice.net (Sheldon Hearn)
To: freebsd-questions@freebsd.org
Subject: FreeBSD IDS to babysit Microsoft hosts
Message-ID: <70569.989564803@axl.fw.uunet.co.za>

Hi folks,

I'm looking for an IDS that'll run on FreeBSD. However, the quirk is that I'm not interested in the security of the FreeBSD system, as I'm confident in its ability to stay standing.

I want an IDS that uses a "database" of problematic signatures and looks for those in TCP streams to and from a finite list of hosts on the same ethernet segment.

The signatures I'm particularly interested in are those that may identify attempts to exploit vulnerabilities in Windows servers running IIS, pcAnywhere and Cold Fusion.

Ideally, I'd want the vendor to supply timeous updates to the database as new vulnerabilities in typical Windows server software are discovered.

I'm not limiting my search to free software. My employer is having so much trouble with his Windows web servers that he'll be quite prepared to fork out cash for something that at least confirms that something funny is going on. Right now, he's never sure whether it's just Microsoft weirdness or a breach.

TIA
Sheldon.